Discover and read the best of Twitter Threads about #hackthepentagon

Yes.
1. @four did a great job under tremendous pressure & made zero excuses. I don't think anyone could've done better under the circumstances. He said Uber made a mistake in both paying extortion (he was clear it wasn't a bug bounty) & failing to notify affected users & drivers.
2. I made the following points:
- it's great that there are more legal ways to report bugs, & ways to be paid bounties, but we are creating a skewed market by saying everyone needs a bug bounty without building a robust overall defense. More bug hunters does not = more bug fixers
- muddying defense market waters by misapplying the term bug bounty to the extortion payment Uber made makes it more likely others will try for a data theft $100,000 payout instead of a $10,000 legit bug bounty
- markets are created deliberately, & we must take care to shape them